Question 12
Domain 5: Protecting Personal Data Through Operational ControlsA procurement team is updating its vendor review checklist for a new AI-enabled service. Based on the stated requirement for emerging technologies, which addition should be made to the checklist?
Correct answer: C
Explanation
When reviewing emerging technologies and AI-enabled services, procurement controls should explicitly include privacy criteria as part of the evaluation. — Add privacy criteria for emerging technologies and AI-enabled services.
Why each option is right or wrong
A. Add only cybersecurity criteria for AI-enabled services
The requirement specifies adding privacy criteria, not limiting review to cybersecurity criteria alone.
B. Add privacy criteria only for legacy systems, not emerging technologies
The requirement applies to emerging technologies and AI-enabled services, not only to legacy systems.
C. Add privacy criteria for emerging technologies and AI-enabled services
The stated requirement is to add privacy criteria for emerging technologies and AI-enabled services. Because the checklist is being updated for a new AI-enabled service, this addition directly matches the required procurement control.
D. Add privacy criteria only after the vendor has been selected
The requirement is to add privacy criteria to the evaluation, not defer them until after vendor selection.